Its not a bad idea. I will take a look At your solution to see ir italia cleaner than mine. If you could post some code i will apreciate. El may 20, 2014 2:43 PM, "devcanada" <[email protected]> escribió:
> Hi Thomas, > > Thanks a lot! I will have a look at it. > > I have ended by creating my own jaas realms that are deployed as login > modules (Glassfish and JBoss), > These realms are very app specific (The underlying users - passwords - > roles > - permissions system comes from an Ivy Server (IvyTeam company)). > > The ejb services are first protected through these realms. > Then after comes SHIRO in the game: > - a shiroInterceptor intercepts the calls and gets the callerPrincipal from > the ejbContext (from the jaas realms). We get the roles and permissions > with > the callerPrincipal also there and it calls the securityManager.login(...) > method > - a shiro realm is used for shiro authentication and authorization > > It is not the most straight forward solution of the world, but it works.... > Work still in progress ;) > Somedays I will try to post a simplified solution somewhere to show how it > works. > > Cheers > > Emmanuel > > > > -- > View this message in context: > http://shiro-user.582556.n2.nabble.com/Securing-EJB-Web-Services-with-HTTP-Basic-Auth-tp7579962p7579968.html > Sent from the Shiro User mailing list archive at Nabble.com. >
